From dbff4c2f3c72e8946f79bbcbc2e1e2262b3ce458 Mon Sep 17 00:00:00 2001 From: Andrew Lewis Date: Thu, 13 Apr 2017 17:00:25 +0200 Subject: [PATCH] [Feature] DKIM Signing: envelope match exception for local IPs - Also for sign_networks --- src/plugins/lua/dkim_signing.lua | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/plugins/lua/dkim_signing.lua b/src/plugins/lua/dkim_signing.lua index e20089967..2494161c4 100644 --- a/src/plugins/lua/dkim_signing.lua +++ b/src/plugins/lua/dkim_signing.lua @@ -21,6 +21,8 @@ local rspamd_util = require "rspamd_util" local settings = { allow_envfrom_empty = true, allow_hdrfrom_mismatch = false, + allow_hdrfrom_mismatch_local = false, + allow_hdrfrom_mismatch_sign_networks = false, allow_hdrfrom_multiple = false, allow_username_mismatch = false, auth_only = true, @@ -53,12 +55,17 @@ local function simple_template(tmpl, keys) end local function dkim_signing_cb(task) + local is_local, is_sign_networks local auser = task:get_user() + local ip = task:get_from_ip() + if ip and ip:is_local() then + is_local = true + end if settings.auth_only and not auser then - local ip = task:get_from_ip() - if settings.sign_local and ip:is_local() then + if settings.sign_local and is_local then rspamd_logger.debugm(N, task, 'mail is from local address') elseif (settings.sign_networks and settings.sign_networks:get_key(ip)) then + is_sign_networks = true rspamd_logger.debugm(N, task, 'mail is from address in sign_networks') else rspamd_logger.debugm(N, task, 'ignoring unauthenticated mail') @@ -102,7 +109,9 @@ local function dkim_signing_cb(task) edom = rspamd_util.get_tld(edom) end end - if edom and hdom and not settings.allow_hdrfrom_mismatch and hdom ~= edom then + if edom and hdom and not settings.allow_hdrfrom_mismatch and hdom ~= edom and + (not settings.allow_hdrfrom_mismatch_local or not is_local) and + (not settings.allow_hdrfrom_mismatch_sign_networks or not is_sign_networks) then rspamd_logger.debugm(N, task, 'domain mismatch not allowed: %1 != %2', hdom, edom) return false end -- 2.39.5